[DOCUMENT NAME] SPECIFICATION

[TITLE OF THE INVENTION] UNJUST WIRELESS STATION DETECTING
SYSTEM, APPARATUS USED THEREIN, AND METHOD THEREOF
[APPLICABLE FIELD IN THE INDUSTRY] 



The present invention relates to an unjust wireless 
station detection system, and an operation administering 
apparatus, a wireless base station and a wireless 
communication terminal that are used therefor, as well as
a method thereof, and more particularly, to a method of
monitoring a wireless station that emerges in the 
environments in which a wireless LAN system is utilized, 
and of preventing information leakage from the above 
wireless station. 

[BACKGROUND ART]

[0002]

With regard to a detection of an unjust access point
(AP) in the wireless LAN system, the technology associated
with a network security system, a computer unit, a
recognition process method of the access point, a check
method of the access point, a program, a record medium and
a device for a wireless LAN is disclosed in patent
document 1.

[0003]

An SSID that is used as an identifier will be
explained before the disclosed invention is explained. In
the wireless LAN (IEEE 802.11), a group of a terminal and 
a base station each of which communicates with the other 
is referred to as a basic service set, and the identifier 
of its group as a BSSID. A physical address (MAC (Media
Access Control) address) of the base station is used as
the identifier in a mode in which the base station and the
terminal communicate with each other. In a mode (ad-hoc
mode) in which terminals communicate directly with
each other, the identifier assumes an arbitrary value that
the terminal allots (its uniqueness is not guaranteed in a
strict sense because it is allotted by each terminal).
Further, the group (wireless LAN system) that is
configured of one BSS or more is referred to as an
extended service set (ESS), and the identifier of its
group as an SSID.
[0004] 

In the disclosed invention, in the wireless LAN system
of Fig. 1, a normal (administration-object) wireless LAN
client executes a scanning process, thereby to extract the
identifier (SSID: Service Set ID) of the wireless LAN from
a packet of the surrounding access point (hereinafter,
abbreviated to the AP) and to prepare an AP detection list
that is configured of the SSIDs. Next, in a case where, as
a result of making a comparison with the SSIDs of a
pre-registered AP permission list, a not-registered SSID
exists, it is judged that the unjust AP exists, and the
location in which the unjust AP exists is notified, which
enables the unjust AP to be withdrawn. Further, in the
case of having detected the unjust AP, by operating a
router, data is prohibited from being
transmitted/received to/from the unjust AP.

[Patent document 1] JP-P2003-198571A 
[DISCLOSURE OF THE INVENTION] 
[PROBLEMS TO BE SOLVED BY THE INVENTION]

[0005] 

The disclosed invention, however, has the following
problems. The first problem lies in a point of employing
the identifier of the wireless LAN system that is not
unique as the identifier of the unjust AP. Specifically,
the identifier (SSID: Service Set ID) of the wireless LAN
system, which is an identifier to be set at the time of
erecting the wireless LAN system, assumes a value that a
user can easily change, whereby there exists the problem
that an unjust AP telling a falsehood about the SSID, i.e.
saying that it is an already-registered one, cannot be
detected.
[0006] 

Further, as mentioned previously, when the unjust AP
is investigated by employing the SSID, it cannot be
determined whether the number of the unjust APs is single
or plural because the identical identifier (SSID) of the
wireless LAN system can be allotted to the wireless LAN
base station (AP), which gives rise to the problem that an
administrator who carries out the withdrawal practice of
the unjust AP cannot determine the number of the unjust APs
that are to be investigated/withdrawn.
[0007] 

The second problem lies in a point of detecting the
unjust AP only by means of the identifier (SSID) of the
wireless LAN system. Specifically, as the appliance that
outputs the identifier (SSID) of the wireless LAN system,
there are a wireless LAN base station (AP) that operates
in an infrastructure mode, and a wireless LAN client that
operates in an ad-hoc mode; however, both of the wireless
LAN base station (AP) and the wireless LAN client have to
be investigated as a candidate for the unjust AP because
each of them is not differentiated from the other in the
disclosed invention, which gives rise to the problem that
investigation efficiency is bad.
[0008] 

The third problem lies in a point that the wireless
LAN appliance provided with a function of concealing the
SSID exists in the market, whereby, in a case where the
unjust base station (AP) utilizes its function, it cannot
be detected. The fourth problem lies in a point that there
is no specific description of prohibiting
transmission/reception of data to/from the unjust base
station (AP).
[0009]

The present invention has been accomplished for
solving the above-mentioned problems, and an object
thereof is to provide an unjust wireless station detection
system for realizing both of an improvement in a security
by detecting/notifying existence of an unjust wireless
station to prevent information from leaking from the above
unjust wireless station and an enhancement in efficiency
of the above security administration practice, an
operation administering apparatus, a wireless base station
and a wireless communication terminal that are used
therefor as well as a method thereof.
[MEANS TO SOLVE THE PROBLEM] 
[0010] 

The first invention for solving the above-mentioned
problem, which is a wireless communication system
including an administration-object wireless base station
having a specific identifier, is characterized in
including an unjust wireless station detecting means for,
based upon the specific identifier to be included in a
wireless frame, detecting existence of an unjust wireless
station.

[0011] 

The second invention for solving the above-mentioned
problem is characterized in that, in the above-mentioned
first invention, the unjust wireless station detecting
means includes: a comparing means for comparing the
specific identifier with a pre-registered specific
identifier; and a means for determining the unjust
wireless station based upon this comparison result.
[0012]

The third invention for solving the above-mentioned 
problem is characterized in that, in one of the above- 
mentioned first and second inventions, when a group of a 
wireless communication terminal and a wireless base 
station each of which communicates with the other is
assumed to be a basic service set, the specific identifier
is an identifier (BSS identifier) for identifying this 
basic service set. 
[0013] 

The fourth invention for solving the above-mentioned
problem is characterized in that, in the above-mentioned
third invention, the unjust wireless station detecting
means further includes a means for determining a
classification of the unjust wireless station from the BSS
identifier.
[0014]

The fifth invention for solving the above-mentioned 
problem is characterized in that, in one of the above- 
mentioned third to fourth inventions, the unjust wireless 
station detecting means further includes a means for
determining a producer of the unjust wireless station from
the BSS identifier. 
[0015] 

The sixth invention for solving the above-mentioned
problem is characterized, in one of the above-mentioned
first to fifth inventions, in: including an
administration-object wireless base station having a means
for acquiring a wireless frame to obtain the specific
identifier, which is administered by a system; and that
the unjust wireless station detecting means further
includes a means for obtaining the specific identifier
from the administration-object wireless base station.
[0016] 

The seventh invention for solving the above-mentioned
problem is characterized, in one of the above-mentioned
first to fifth inventions, in: including an
administration-object wireless communication terminal
having a means for acquiring a wireless frame to obtain
the specific identifier, which is administered by a
system; and that the unjust wireless station detecting
means further includes a means for obtaining the specific
identifier from the administration-object wireless
communication terminal.
[0017] 

The eighth invention for solving the above-mentioned
problem is characterized in that, in one of the above-
mentioned first to sixth inventions, the unjust wireless
station detecting means further includes a means for
notifying the effect that utilization of the unjust
wireless station is prohibited to the administration-
object wireless communication terminal connected to the
unjust wireless station.
[0018] 

The ninth invention for solving the above-mentioned
problem is characterized, in one of the above-mentioned
first and sixth inventions, in: further including a
switching apparatus; that the unjust wireless station
detecting means further includes a means for detecting an
address of the unjust wireless communication terminal
connected to the unjust wireless station to notify the
address to the switching apparatus; and that the switching
apparatus includes a means for scrapping the wireless
frame including the address.

[0019] 

The tenth invention for solving the above-mentioned
problem is characterized in that, in one of the above-
mentioned first to sixth inventions, the unjust wireless
station detecting means further includes a means for
notifying the unjust wireless communication terminal to
the administration-object wireless base station, and
further, for notifying the unjust wireless station to the
administration-object wireless communication terminal
connected to the administration-object wireless base
station.

[0020] 

The eleventh invention for solving the above-mentioned 
problem is characterized in that, in one of the above- 
mentioned first to sixth inventions, the unjust wireless 
station detecting means further includes a means for 
taking a control so as to incapacitate the unjust wireless 
communication terminal connected to the administration- 
object wireless base station from communicating. 

[0021] 

The twelfth invention for solving the above-mentioned 
problem is characterized in that, in one of the above- 
mentioned first to sixth inventions: the unjust wireless 
station detecting means further includes a means for 
notifying an identifier (SS identifier) for identifying a 
service set of the unjust wireless station acquired from 
the wireless frame to the administration-object wireless 
base station around the unjust wireless station; and the
administration-object wireless base station receiving a
notification of the SS identifier includes a means for, in
a case of having received a wireless frame from the
wireless communication terminal having a connection by
using an identical value to that of the SS identifier, 
scrapping this wireless frame. 
[0022] 

The thirteenth invention for solving the above-
mentioned problem, which is an operation administering
apparatus in a wireless communication system including an
administration-object wireless base station having a
specific identifier, is characterized in including an
unjust wireless station detecting means for, based upon
the specific identifier to be included in a wireless frame,
detecting existence of an unjust wireless station.
[0023] 

The fourteenth invention for solving the above-
mentioned problem is characterized in that, in the above-
mentioned thirteenth invention, the unjust wireless
station detecting means includes: a comparing means for
comparing the specific identifier with a pre-registered
specific identifier; and a means for determining the
unjust wireless station based upon this comparison result.

[0024]



The fifteenth invention for solving the above-mentioned
problem is characterized in that, in one of the above- 
mentioned thirteenth and fourteenth inventions, when a 
group of a wireless communication terminal and a wireless 
base station each of which communicates with the other is 
assumed to be a basic service set, the specific identifier 
is an identifier (BSS identifier) for identifying this 
basic service set. 

[0025] 

The sixteenth invention for solving the above- 
mentioned problem is characterized in, in the above- 
mentioned fifteenth invention, further including a means 
for determining a classification of the unjust wireless 
station from the BSS identifier. 

[0026] 

The seventeenth invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned fifteenth and sixteenth inventions, 
further including a means for determining a producer of 
the unjust wireless station from the BSS identifier. 

[0027] 

The eighteenth invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned thirteenth to seventeenth inventions, 
including a means for obtaining the specific identifier 
from the administration-object wireless base station
configured so as to acquire the wireless frame
administered by the system, thereby to obtain the specific
identifier.
[0028]

The nineteenth invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned thirteenth to seventeenth inventions, 
further including a means for obtaining the specific 
identifier from the administration-object wireless
communication terminal configured so as to acquire the
wireless frame administered by the system, thereby to 
obtain the specific identifier. 
[0029] 

The twentieth invention for solving the above-
mentioned problem is characterized in, in one of the
above-mentioned thirteenth to eighteenth inventions,
further including a means for notifying the effect that
utilization of the unjust wireless station is prohibited
to the administration-object wireless communication
terminal connected to the unjust wireless station.
[0030] 

The twenty-first invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned thirteenth to eighteenth inventions,
further including a means for detecting an address of the
unjust wireless communication terminal connected to the
unjust wireless station to notify the address to the
switching apparatus.
[0031]

The twenty-second invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned thirteenth to eighteenth inventions, 
further including a means for notifying the unjust 
wireless communication terminal to the administration-
object wireless base station, and further, for notifying
the unjust wireless station to the administration-object
wireless communication terminal connected to the
administration-object wireless base station.
[0032]

The twenty-third invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned thirteenth to eighteenth inventions, 
further including a means for taking a control so as to 
incapacitate the unjust wireless communication terminal
connected to the administration-object wireless base 
station from communicating. 

[0033] 

The twenty-fourth invention for solving the above-
mentioned problem is characterized in, in one of the
above-mentioned thirteenth to eighteenth inventions,
further including a means for notifying an identifier (SS
identifier) for identifying a service set of the unjust
wireless station acquired from the wireless frame to the
administration-object wireless base station around the
unjust wireless station.
[0034] 

The twenty-fifth invention for solving the above-
mentioned problem, which is a wireless base station in a
wireless communication system including an administration-
object wireless base station having a specific identifier
and an operation administering apparatus for making an
operational administration for a system, is characterized
in including: a means for acquiring the specific
identifier from a wireless frame; and a means for
notifying the specific identifier to the operation
administering apparatus in order to detect existence of
the unjust wireless station.
[0035] 

The twenty-sixth invention for solving the above-
mentioned problem is characterized in, in the above-
mentioned twenty-fifth invention, further including a
means for receiving a notification of the unjust wireless
communication terminal from the operation administering
apparatus to incapacitate the unjust wireless
communication terminal from communicating.
[0036] 

The twenty-seventh invention for solving the above- 
mentioned problem is characterized in, in one of the 
above-mentioned twenty-fifth and twenty-sixth inventions,
further including a means for receiving a notification of
an identifier (SS identifier) for identifying a service
set of the unjust wireless station from the operation
administering apparatus, and for, in the case of having
received a wireless frame from the wireless communication
terminal having made a connection by using an identical 
value to that of the SS identifier, scrapping this 
wireless frame. 
[0037] 

The twenty-eighth invention for solving the above-
mentioned problem, which is a wireless communication
terminal in a wireless communication system including an
administration-object wireless base station having a
specific identifier and an operation administering
apparatus for making an operational administration for a
system, is characterized in including: a means for
acquiring the specific identifier from a wireless frame;
and a means for notifying the specific identifier to the
operation administering apparatus in order to detect
existence of the unjust wireless station.
[0038]

The twenty-ninth invention for solving the above- 
mentioned problem is characterized in, in the above- 
mentioned twenty-eighth invention, further including a 
means for prohibiting utilization of the unjust wireless
station notified from the operation administering
apparatus.
[0039] 

The thirtieth invention for solving the above- 
mentioned problem, which is an unjust wireless station
detection method in a wireless communication system
including an administration-object wireless base station
having a specific identifier, is characterized in
including a step of detecting existence of an unjust
wireless station based upon the specific identifier to be
included in a wireless frame. 
[0040] 

The thirty-first invention for solving the above-
mentioned problem, which is an operational control method
of a wireless base station in a wireless communication
system including an administration-object wireless base
station having a specific identifier and an operation
administering apparatus for making an operational
administration for a system, is characterized in including
the steps of: acquiring the specific identifier from a
wireless frame; and notifying the specific identifier to
the operation administering apparatus in order to detect
existence of the unjust wireless station.
[0041] 

The thirty-second invention for solving the above-
mentioned problem, which is an operational control method
of a wireless communication terminal in a wireless
communication system including an administration-object
wireless base station having a specific identifier and an
operation administering apparatus for making an
operational administration for a system, is characterized
in including the steps of: acquiring the specific
identifier from a wireless frame; and notifying the
specific identifier to the operation administering
apparatus in order to detect existence of the unjust
wireless station.
[0042] 

The thirty-third invention for solving the above-
mentioned problem, which is a program for causing a
computer to execute an unjust wireless station detection
method in a wireless communication system including an
administration-object wireless base station having a
specific identifier, is characterized in including a
process of detecting existence of an unjust wireless
station based upon the specific identifier to be included
in a wireless frame.
[0043] 

The thirty-fourth invention for solving the above-
mentioned problem, which is a program for causing a
computer to execute an operational control method of a
wireless base station in a wireless communication system
including an administration-object wireless base station
having a specific identifier and an operation
administering apparatus for making an operational
administration for a system, is characterized in including
the processes of: acquiring the specific identifier from a
wireless frame; and notifying the specific identifier to
the operation administering apparatus in order to detect
existence of the unjust wireless station.

[0044]

The thirty-fifth invention for solving the above-
mentioned problem, which is a program for causing a
computer to execute an operational control method of a
wireless communication terminal in a wireless
communication system including an administration-object
wireless base station having a specific identifier and an
operation administering apparatus for making an
operational administration for a system, is characterized
in including the processes of: acquiring the specific
identifier from a wireless frame; and notifying the
specific identifier to the operation administering
apparatus in order to detect existence of the unjust
wireless station.
[0045] 

An operation of the present invention will be
described. The wireless station, being an object of
administration, searches a wireless space over a plurality
of frequency channels and acquires the BSS identifier,
being an ID specific to each base station, and a frame
transmission source identifier from the frame propagating
through the space. The operation administering apparatus
compares this acquired BSS identifier with the BSS
identifier of the base station registered as the base
station that is an object of administration, thereby to
detect the unjust wireless station. Further, the operation
administering apparatus employs the acquired frame
transmission source identifier, thereby to determine its
classification and its producer as well. In addition
hereto, it notifies existence of this unjust wireless
station to the administration-object (normal) wireless
base station, the administration-object terminal, the
switching apparatus, etc., and instructs them to
scrap the frame from the unjust wireless station, to
disconnect communication therewith, and so on, thereby
enabling a measure for making communication with the
unjust wireless station impossible.
[EFFECTS OF THE INVENTION] 

[0046] 

In accordance with the monitor system of the present
invention, a falsehood by an unjust user or the like is not
permitted and it becomes possible to detect the unjust
base station because the BSS identifier, being an
identifier specific to each wireless station, is acquired
from the frame that the unjust wireless station sends out
to the wireless space, and the unjust wireless station is
specified based upon this BSS identifier. Further, it
becomes possible to investigate the unjust wireless
station after narrowing the scope thereof down because an
organization name indicating the producer of the above
unjust wireless station is determined from one part of the
BSS identifier.
[0047] 

Further, the frame transmission source identifier of
the terminal having a connection with the unjust wireless
station is acquired, the above frame transmission source
identifier is set for a wire LAN switch, and the frame is
scrapped in a case where the transmission source
identifier of the frame that goes through the above wire
LAN switch coincides therewith, thereby making it possible
to hinder communication between the terminal having a
connection with the unjust wireless station and a node
within a wire net.
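
The detection flow of paragraphs [0045] to [0047], as an added Python example that is not part of the specification: frames reported by administration-object stations are checked against the registered BSS identifier list, each unregistered BSSID is classified and attributed to a producer, and the source addresses of terminals using it are collected for the wire LAN switch. The names `Frame`, `Finding`, `detect` and `switch_filter`, the sample frames, and the classification rule (the locally administered address bit, which IEEE 802.11 sets in generated ad-hoc BSSIDs) are assumptions of this example; the page does not state how the classification is made.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

# Constructed sample data. Every address is either in the RFC 7042
# documentation range or locally administered; none is a real device.
MANAGED_BSSIDS = {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}        # role of list 101
COMPANY_IDS = {"00:00:5e": "IANA (RFC 7042 documentation range)"}  # role of list 116


@dataclass(frozen=True)
class Frame:
    reporter: str         # managed AP or terminal that captured the frame
    bssid: str            # BSS identifier taken from the frame
    src: str              # frame transmission source identifier
    ssid: Optional[str]   # "" when the SSID is concealed, None if not carried


@dataclass
class Finding:
    kind: str
    vendor: str
    ssids: set = field(default_factory=set)
    terminals: set = field(default_factory=set)
    reporters: set = field(default_factory=set)


def normalize(mac: str) -> str:
    """Canonical lower-case, colon-separated form; rejects malformed input."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def classify(bssid: str) -> str:
    # Assumed heuristic: an ad-hoc BSSID is a generated value with the
    # locally administered bit (0x02 of the first octet) set, while an
    # infrastructure BSSID is the AP's own MAC address. APs that derive
    # virtual BSSIDs may also set this bit, so treat the result as a hint.
    return "ad-hoc" if int(bssid[:2], 16) & 0x02 else "infrastructure"


def vendor_of(mac: str) -> str:
    """Producer lookup from the first three octets (the company ID)."""
    return COMPANY_IDS.get(mac[:8], "unknown")


def detect(frames, managed=frozenset(MANAGED_BSSIDS)):
    """Return {bssid: Finding} for every BSSID missing from the managed list."""
    findings = {}
    for f in frames:
        bssid, src = normalize(f.bssid), normalize(f.src)
        if bssid in managed:
            continue
        if bssid not in findings:
            kind = classify(bssid)
            # An ad-hoc BSSID is arbitrary, so the producer comes from the sender.
            owner = bssid if kind == "infrastructure" else src
            findings[bssid] = Finding(kind, vendor_of(owner))
        hit = findings[bssid]
        if f.ssid is not None:
            hit.ssids.add(f.ssid or "<hidden>")
        if src != bssid:
            hit.terminals.add(src)    # station communicating through this BSS
        hit.reporters.add(f.reporter)
    return findings


def switch_filter(findings):
    """Source addresses for the wire LAN switch to scrap (paragraph [0047])."""
    return sorted(set().union(*(h.terminals for h in findings.values())))


# Constructed reports: one managed AP, one AP reusing the registered SSID,
# one AP concealing its SSID, a terminal using the first, and an ad-hoc net.
SAMPLE_FRAMES = [
    Frame("ap-east", "00:00:5E:00:53:01", "00:00:5E:00:53:01", "corp-wlan"),
    Frame("ap-east", "00:00:5E:00:53:A0", "00:00:5E:00:53:A0", "corp-wlan"),
    Frame("term-17", "00-00-5E-00-53-A1", "00-00-5E-00-53-A1", ""),
    Frame("term-17", "00:00:5E:00:53:A0", "00:00:5E:00:53:10", None),
    Frame("term-17", "02:1B:3C:4D:5E:6F", "00:00:5E:00:53:11", "share"),
]

if __name__ == "__main__":
    for bssid, hit in detect(SAMPLE_FRAMES).items():
        print(bssid, hit.kind, hit.vendor, sorted(hit.ssids), sorted(hit.terminals))
    print("switch filter:", switch_filter(detect(SAMPLE_FRAMES)))
```

The AP that reuses the registered SSID and the AP that conceals its SSID are both reported, and as two separate stations, because the comparison key is the BSSID rather than the SSID.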

[BRIEF DESCRIPTION OF THE DRAWINGS] 

[0048] 

[Fig. 1] Fig. 1 shows a wireless LAN monitor system to
which the present invention applies. 

[Fig. 2] Fig. 2 shows a functional block of each 
component of the wireless LAN monitor system of an 
embodiment 1 and an embodiment 2. 

[Fig. 3] Fig. 3 shows a process flow of the wireless 
LAN monitor system of the embodiment 1 and the embodiment 
2. 

[Fig. 4] Fig. 4 shows a process flow of the operation 
administering apparatus in the process flow of the 
wireless LAN monitor system of the embodiment 1 and the 
embodiment 2.

[Fig. 5] Fig. 5 shows a process flow of the operation 
administering apparatus in the process flow of the 
wireless LAN monitor system of the embodiment 1 and the 
embodiment 2.

[Fig. 6] Fig. 6 shows an example illustrating a 
connection/installation of the administration-object AP 
and the terminal, and of the unjust AP and the terminal. 

[Fig. 7] Fig. 7 shows an example illustrating an 
installation location of the administration-object AP and 
the SW.

[Fig. 8] Fig. 8 shows an example of various kinds of 
information lists that the operation administering 
apparatus retains.

[Fig. 9] Fig. 9 shows an example illustrating the 
installation location of the SW and the administration- 
object AP, and the neighborhood of the unjust AP. 

[Fig. 10] Fig. 10 shows a process flow of the wireless 
LAN monitor system of an embodiment 3. 

[Fig. 11] Fig. 11 shows a functional block of each 
component of the wireless LAN monitor system of the 
embodiment 3.

[Fig. 12] Fig. 12 shows a process flow of the 
operation administering apparatus in the process flow of 
the wireless LAN monitor system of the embodiment 3. 

[Fig. 13] Fig. 13 shows a process flow of the 
operation administering apparatus in the process flow of 
the wireless LAN monitor system of the embodiment 3. 

[Fig. 14] Fig. 14 shows an example of various kinds of 
information lists that the operation administering 
apparatus of the embodiment 3 retains. 

[Fig. 15] Fig. 15 shows a functional block of each 
component of the wireless LAN monitor system of the 
embodiment 4.

[Fig. 16] Fig. 16 shows an example of the company ID 
list to be retained by the operation administering
apparatus of the embodiment 4.

[Fig. 17] Fig. 17 shows a process flow of the wireless 
LAN monitor system of an embodiment 5. 
[Fig. 18] Fig. 18 shows a functional block of each
component of the wireless LAN monitor system of the
embodiment 5.

[Fig. 19] Fig. 19 shows an example of the receivable 
BSS identifier list B to be retained by the operation 
administering apparatus of the embodiment 5.

[Fig. 20] Fig. 20 shows a process flow of the 
operation administering apparatus in the process flow of 
the wireless LAN monitor system of the embodiment 5. 

[Fig. 21] Fig. 21 is a process flow of the operation
administering apparatus in the process flow of the
wireless LAN monitor system of the embodiment 5. 
[DESCRIPTION OF NUMERALS] 
[0049] 

100 wireless LAN operation administering apparatus
101 administration-object AP list (BSS identifier)
102 receivable BSS identifier list
103 unjust AP list
104 unjust ad-hoc list
105 unjust AP utilization terminal list
106 administration-object AP list (AP identifier)
107 administration-object terminal list (terminal identifier)
108 operational processor
109 AP installation position list
110 SW installation position list
111 transmission/reception section
112 unjust AP detection terminal list
113 monitor process executor
114 frame transmission source identifier list
115 unjust AP detection AP list
116 company ID list
200 display
201 display section
202 transmission/reception section
300 administration-object wireless LAN access point
301 wire transmission/reception section
302 BSS identifier storage
303 unjust wireless station list
304 wireless transmission/reception section
305 frame transmission source identifier list
306 receivable BSS identifier list
307 retrieval process executor
308 filtering identifier storage
309 unjust wireless station SSID storage
400 administration-object wireless LAN client terminal
401 wireless transmission/reception section
402 retrieval process executor
403 receivable BSS identifier list
404 frame transmission source identifier list
405 message reception/display section
406 belonging BSS identifier storage
407 receivable BSS identifier list
500 unjust wireless station
501 wireless LAN client terminal configuring an ad-hoc net
502 wireless LAN client terminal configuring an ad-hoc net
503 unjust wireless LAN access point (infra mode)
504 unjust wireless LAN terminal (ad-hoc mode)
600 wire LAN switch
601 transmission/reception section
602 operational processor
603 filtering identifier storage
[BEST MODE FOR CARRYING OUT THE INVENTION] 

[0050] 

Next, the embodiments of the present invention will be
explained in detail with reference to the
accompanying drawings. Fig. 1 is a view illustrating a
configuration of the wireless LAN monitor system to which
the present invention applies. It is configured of an
operation administering apparatus 100 for making an
operational administration for the wireless LAN, a display
200 for displaying operational administration information,
an AP 300 that is an object of administration (being an
access point and yet a wireless base station), a wireless
communication terminal 400 that is an object of
administration (hereinafter, simply referred to as a
terminal), a switch (SW) 600 for connecting the AP and the
wire net, and an unjust wireless station 500 that is not
an object of administration. The unjust wireless station
500 exists as one of: the ad-hoc net to which
administration-object client terminals 501 and
502 are connected; an AP 503 (hereinafter, referred to as
an unjust AP), being not an object of administration,
which operates in an infrastructure mode; and a terminal
504 connected to the wire net that operates in an ad-hoc
mode; or as a combination thereof.
[0051] 

Fig. 2 is a view illustrating a functional block of
each component of the wireless LAN monitor system
associated with the present invention. The operation
administering apparatus 100 is configured of an
administration-object AP list (BSS identifier) 101 for
filing information for identifying each interface of the
administration-object AP, a receivable BSS identifier list
B 102 for filing the receivable BSS identifier acquired
from the terminal that is not an object of administration,
an unjust AP list 103 for filing information of the unjust
AP, an unjust ad-hoc list 104 for filing information of
the unjust ad-hoc, an unjust AP utilization terminal list
105 for filing information of the terminal utilizing the
unjust AP, an unjust AP detection terminal list 112 for
filing information of the terminal having detected the
unjust AP, an administration-object AP list (AP
identifier) 106 for filing information for identifying the
administration-object AP, an administration-object
terminal list (terminal identifier) 107 for filing
information for identifying the administration-object
terminal, an operational processor 108 for performing an
operational process, an AP installation position list 109
for filing installation position information of the AP, an
SW installation position list 110 for filing installation
position information of the SW, a transmission/reception
section 111 for making communication with the other
components, a monitor process executor 113 for taking a
monitoring control, and a frame transmission source
identifier list B 114 for filing frame transmission source
identifier information from the terminal.

[0052]



The display 200 is configured of a display section 201 
for displaying operational administration information, and 
a transmission/reception section 202 for making 
communication with the other components. The AP 300 is 
configured of a wire transmission/reception section 301 
for making communication with the other components in the 
wire side, a BSS identifier storage 302 for filing the BSS 
identifier allotted to the above AP 300, an unjust 
wireless station list 303 for filing information of the 
unjust wireless station, and a wireless 
transmission/reception section 304 for making 
communication with the other component in the wireless 
side.

[0053] 

The administration-object client terminal 400 is 
configured of a wireless transmission/reception section 
401 for making communication with the AP, a retrieval 
process executor 402 for searching the wireless LAN that 
exists around the administration-object client terminal, a 
receivable BSS identifier list A 403 for filing BSS 
identifier information, being a retrieval result, a frame 
transmission source identifier list 404 for filing the 
frame transmission source identifier, being a retrieval 
result, a message reception/display section 405 for 
receiving/displaying a message that is notified from the
other components, a belonging BSS identifier storage 406
for filing the BSS identifier of the AP to which the above
client terminal belongs, and an unjust wireless station
list 407 in which the identifier list for excluding the
unjust wireless station from the connection destination is
filed.

[0054] 

The SW 600 is configured of a transmission/reception 
section 601 for making communication with the other 
components, an operational processor 602 for performing an
operation process, and a filtering identifier storage 603 
for filing the identifier for identifying an object of 
filtering in making a packet filtering. 

[0055] 

Fig. 3 is a view illustrating a process flow of the
wireless LAN monitor system to which the present invention
applies. The process is divided into two independent
processes of an information acquisition process by the
administration-object terminal, and a monitoring/control
process based upon information by the operation
administering apparatus. The affiliated process in which
the administration-object terminal operates under an
instruction from the operation administering apparatus is
also possible; however they are explained as the
independent process hereinafter, respectively. Further,
Fig. 4 and Fig. 5 are views illustrating an operation
within the operation administering apparatus in the
process flow. Fig. 6 shows an example of the case that the
administration-object AP (a triangular mark), the unjust
AP (a star mark), and the terminal (a square mark) coexist.
A line drawn between the terminal and the administration-
object AP, or a line between the terminal and the unjust
AP signifies a connection relation between the terminal
and the AP. Fig. 7 (a) is a view illustrating a physical
arrangement of the administration-object AP and the SW, in
which an example of separating a region into a plurality
of blocks (B4-1 to B4-24) is shown, and Fig. 7 (b) and (c)
are a view illustrating the installation position of the
SW and the AP by block unit, respectively.
[0056] 

The retrieval process executor 402 of the 
administration-object client terminal regularly initiates 
information acquisition of the surrounding wireless 
environments via the wireless transmission/reception 
section 401. The information acquisition is made not only 
for a frequency channel that the administration-object 
client terminal uses at its time point, but also for the 
other channels. The administration-object AP and the 
unjust wireless station transmit the frame for 
administration and the frame of a data (701 of Fig. 3), so
the administration-object client terminal acquires these
frames, and files the BSS identifier acquired from the
frame into the receivable BSS identifier list A 403. The
BSS identifier acquired from the frame, the identifier of
its frame transmission source apparatus, and information
for identifying whether its frame is a frame from the
terminal to the AP, or a frame from the AP to the terminal
are filed into the frame transmission source identifier
list 404.

[0057]

The operation administering apparatus acquires the BSS
identifier of the administration-object AP (702 of Fig. 3
and 801 of Fig. 4 (the details of this 801 will be
described later in the section of the embodiment)).
Additionally, in Fig. 3, the administration-object AP is
shown as a normal AP, and it is assumed that the situation
is identical in the other figures as well. The monitor
process executor 113 requests the BSS identifier of the AP
described in the administration-object AP list (AP
identifier) 106 (Fig. 8 (a)). The AP gives information of
the BSS identifier storage 302 to the operation
administering apparatus as a reply, and the operation
administering apparatus files the acquired information
into the administration-object AP list (BSS identifier)
101. Additionally, it is acceptable that the
administration-object AP list (BSS identifier) is prepared
in advance and retained by the operation administering
apparatus.
[0058] 

Next, the receivable BSS identifier is acquired (703
of Fig. 3 and 802 of Fig. 4 (the details of this 802 will
be described later in the section of the embodiment)). The
monitor process executor 113 requests the receivable BSS
identifier of the terminal described in the
administration-object terminal list (terminal identifier)
107. The administration-object terminal gives information
of the receivable BSS identifier list A 403 and
information of the belonging BSS identifier storage 406 to
the operation administering apparatus as a reply, and the
operation administering apparatus files the acquired
information into the receivable BSS identifier list B 102
(Fig. 8 (b)).
[0059] 

The monitor process executor 113 prepares the unjust
AP list, the unjust ad-hoc list, and the unjust AP
detection terminal list (803 of Fig. 4 (the details of
this 803 will be described later in the section of the
embodiment)). The monitor process executor 113 compares
the BSS identifier of the administration-object AP list
(BSS identifier) 101 with the BSS identifier of the
receivable BSS identifier list B 102, and extracts the BSS
identifier that does not exist in the administration-
object AP list (BSS identifier) 101. In a case where the
BSS classification to be included in the BSS identifier is
an AP, it files the receivable BSS identifier, and the BSS
identifier of the AP to which the terminal having detected
the unjust AP belongs into the unjust AP list 103 (Fig. 8
(c)) as an unjust AP BSS identifier and a detection BSS
identifier respectively. Further, it files information of
the administration-object terminal having detected the
above unjust AP into the unjust AP detection terminal list
112 (Fig. 8 (d)). In a case where the BSS classification
is an ad-hoc, it files the receivable BSS identifier and
the BSS identifier of the AP to which the administration-
object terminal having detected the unjust ad-hoc belongs
into the unjust ad-hoc list 104. The above process enables
the unjust AP and the unjust ad-hoc to be detected.
[0060] 

Next, the process will be explained of utilizing the
information of the unjust AP and the unjust ad-hoc
detected with the above-mentioned technique to detect the
terminal making a connection with this unjust AP etc.,
further, to determine whether or not the detected terminal
is a terminal that is an object of administration, and to
separate the unjust one.
[0061]

The monitor process executor 113 notifies information
described in the unjust AP list 103 to the administration-
object AP to which the terminal having detected the unjust
AP belongs (704 of Fig. 3 and 901 of Fig. 5). The
administration-object AP having received a notification
files the information into the unjust wireless station
list 303, and notifies the information of the unjust
wireless station to the administration-object client
terminal having a connection therewith regularly or by
means of an instruction from the outside (705 of Fig. 3).
The administration-object terminal having received a
notification displays the information of the unjust
wireless station in the message reception/display section
405, notifies the fact that the unjust wireless station
exists to the user, and simultaneously therewith, files
the information of the unjust wireless station into the
unjust wireless station list 407. The administration-
object terminal makes it a rule not to make a connection
with the wireless station (base station or terminal)
registered to the unjust wireless station list in making a
connection thereafter.
[0062] 

Next, the frame transmission source identifier is
acquired (706 of Fig. 3 and 902 of Fig. 5 (the details of
this 902 will be described later in the section of the
embodiment)). The monitor process executor 113 requests of
the administration-object terminal described in the unjust
AP detection terminal list 112 ((d) of Fig. 8) the
transmission source identifier (the identifier of the
terminal utilizing the unjust AP: hereinafter, referred to
as an unjust utilization terminal identifier) of the frame
that flows from the terminal to the AP. The
administration-object terminal acquires desired
information from the frame transmission source identifier
list 404, and gives it to the operation administering
apparatus as a reply. The operation administering
apparatus files the acquired information into the frame
transmission source identifier list B 114 ((e) of Fig. 8).

[0063]

The operation administering apparatus acquires the BSS
identifier of the administration-object terminal having
detected the unjust AP from the unjust AP BSS identifier
of the frame transmission source identifier list B 114
((e) of Fig. 8) and the unjust AP list ((c) of Fig. 8),
and files a positional relation of the administration-
object AP to which the administration-object terminal
having detected the unjust utilization terminal identifier
and the above unjust utilization terminal from the AP
installation position list 109 ((c) of Fig. 7) and the
administration-object AP list (BSS identifier) 101 belongs
into the unjust AP utilization terminal list 105 ((f) of
Fig. 8). Further, it specifies from the administration-
object terminal list 107 whether or not the unjust
utilization terminal identifier is an identifier of the
administration-object terminal, and files its identifier
into the unjust AP utilization terminal list 105 ((f) of
Fig. 8). Additionally, in (f) of Fig. 8, it is assumed
that R-STA-2 is a terminal that is an object of
administration.
[0064] 

The monitor process executor 113 performs a measure
against the unjust AP utilization terminal (903 of Fig. 5
(the details of this 903 will be described later in the
section of the embodiment)). In a case where the unjust AP
utilization terminal is an object of administration, if
the continuous detection number of times is below N (N is
a natural number), the monitor process executor 113
notifies a message for prohibiting utilization of the
unjust AP (707 of Fig. 3) to the above unjust AP
utilization terminal. In a case where the unjust AP
utilization terminal is an object of administration and
yet in a case where the continuous detection number of
times is N or more, or in a case where it is not an object
of administration, it retrieves the SW in the neighborhood
of the unjust AP utilization terminal, and notifies the
identifier of the unjust AP utilization terminal to the
above SW (708 of Fig. 3).
[0065] 

With retrieving the SW in the neighborhood, for 
example, it is assumed that B4-2 and B4-21 are acquired 
from positional information of the unjust AP utilization 
terminal list ((f) of Fig. 8), the blocks (B4-1 to B4-3, 
B4-7 to B4-9, B4-14 to B4-16, and B4-20 to B4-22) around 
its position are located in the neighborhood in Fig. 7 (a), 
and SW 1, SW 2, SW 4, SW 8, SW 10 and SW 11 installed 
therein (a hatch portion of Fig. 9) are an object of
notification, respectively. 

[0066] 

The message reception/display section 405 of the 
administration-object terminal having received the message 
for prohibiting utilization of the unjust AP displays the 
message from the operation administering apparatus. 
Further, the SW having received the identifier of the 
unjust AP utilization terminal files its identifier into 
the filtering identifier storage 603, thereafter, compares 
the identifier with the transmission source identifier of 
the frame that goes through the transmission/reception 
section 601, and in a case where its value coincides with 
the value filed in the filtering identifier storage 603,
scraps its frame.
[0067] 

The display 200 periodically acquires the unjust AP
list 103, the unjust ad-hoc list 104, and the unjust AP
utilization terminal list 105 of the operation
administering apparatus (709 of Fig. 3), and displays
information of the unjust wireless station in the display
section 201. In displaying the unjust wireless station, it
is classified BSS classification by BSS classification,
and the BSS identifier is displayed under each
classification. With the AP, it is further hierarchized
under the BSS identifier, and the identifier of the
terminal utilizing the unjust AP is described. At its
moment, the code (O X) for identifying whether or not the
above terminal is an object of monitoring is affixed
(Fig. 2).

[Embodiment 1] 

[0068] 

Next, the foregoing best embodiment will be explained 
more specifically as an example. This embodiment 1 is an 
example in which a detection of the unjust wireless 
station is carried out by the terminal. The configuration 
of the wireless LAN monitor system and each component is 
identical to the foregoing. Fig. 3 is a view illustrating 
a process flow of the wireless LAN monitor system to which
the present invention applies. The process is divided into
two independent processes of an information acquisition
process by the administration-object terminal, and a
monitoring/control process based upon information by the
operation administering apparatus. The affiliated process
in which the administration-object terminal operates under
an instruction from the operation administering apparatus
is also possible; however they are explained as the
independent process hereinafter, respectively.

[0069]

Further, Fig. 4 and Fig. 5 are views illustrating an
operation of the operation administering apparatus in the
process flow. Fig. 6 shows an example of the case that the
administration-object AP, the unjust AP, and the terminal
co-exist. Fig. 7 (a) is a view illustrating a physical
arrangement of the administration-object AP and the SW, in
which an example of separating a region into a plurality
of blocks (B4-1 to B4-24) is shown, and Fig. 7 (b) and (c)
are a view illustrating the installation position of the
SW and the AP by block unit, respectively.
[0070] 

The retrieval process executor 402 of the 
administration-object client terminal regularly initiates 
information acquisition of the surrounding wireless 
environments via the wireless transmission/reception
section 401. The information acquisition is made not only
for a frequency channel that the administration-object
client terminal uses at its time point, but also for the
other channels. The administration-object AP and the
unjust wireless station transmit a beacon frame, a probe
frame, and a data frame (701 of Fig. 3), so the
administration-object client terminal acquires these
frames, and files the BSSID acquired from the frame into
the receivable BSS identifier list A 403. The
administration-object client terminal files into the frame
transmission source identifier list 404 the terminal BSSID
acquired from the frame, an MAC address of the frame
transmission source apparatus, and a "To DS" (DS:
Distribution system, that is, it signifies a net) region
and a "from DS" region for identifying whether its frame
is a frame from the terminal to the AP or a frame from the
AP to the terminal.
[0071] 

At first, the operation administering apparatus
acquires the BSSID of the administration-object AP (702 of
Fig. 3 and 801 of Fig. 4). The monitor process executor
113 requests the BSSID of an IP address of the
administration-object AP described in the administration-
object AP list (AP identifier) 106 (8011 of Fig. 4). The
administration-object AP gives the BSSID filed in the BSS
identifier storage 302 to the operation administering
apparatus as a reply, and the operation administering
apparatus files the acquired BSSID into the
administration-object AP list (BSS identifier) 101 (8012
of Fig. 4). Additionally, it is acceptable that the
administration-object AP list (BSS identifier) is prepared
in advance and is retained by the operation administering
apparatus.
[0072] 

Next, the receivable BSSID is acquired (703 of Fig. 3
and 802 of Fig. 4). The monitor process executor 113
requests the receivable BSSID of the administration-object
terminal described in the administration-object terminal
list (terminal identifier) 107. The administration-object
terminal gives the BSSID of the receivable BSS identifier
list A 403 and the BSSID of the belonging BSS identifier
storage 406 to the operation administering apparatus as a
reply (8021 of Fig. 4), and the operation administering
apparatus files the two acquired BSSIDs into the
receivable BSS identifier list B 102 (8022 of Fig. 4).
[0073] 

The monitor process executor 113 prepares the unjust
AP list, the unjust ad-hoc list, and the unjust AP
detection terminal list (803 of Fig. 4). It compares the
BSSID of the administration-object AP list (BSS
identifier) 101 with the receivable BSSID described in the
receivable BSS identifier list B 102 (8031 of Fig. 4), and
extracts the BSSID that does not exist in the
administration-object AP list (BSS identifier) 101 (8032
of Fig. 4).
[0074] 

In a case where a "universal/local" bit (IEEE standard
802) to be included in this BSSID is 0 (zero) (the "AP" of
8033 of Fig. 4), the BSSID of the unjust AP and the BSSID
of the AP to which the administration-object terminal
having detected the unjust AP belongs are filed into the
unjust AP list 103 (8034 and 8035 of Fig. 4). In a case
where the "universal/local" bit is 1 (one) (the "ad-hoc" of
8033 of Fig. 4), the receivable BSSID and the BSSID of the
AP to which the administration-object terminal having
detected the unjust ad-hoc belongs are filed into the
unjust ad-hoc list 104 (8036 of Fig. 4).
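
The comparison described in [0073] and [0074] (and in generic form in [0059]) can be sketched as follows. This is an added example, not part of the specification; the function names, the report layout and every address are constructed for illustration.

```python
# Added illustration of the list comparison in [0073]-[0074].
# All names and sample addresses below are constructed, not from the patent.

def parse_bssid(text):
    """Return the six octets of a BSSID written as aa:bb:.. or aa-bb-.."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit BSSID: {text!r}")
    return bytes(int(p, 16) for p in parts)


def normalise(text):
    """Canonical lower-case form so that list lookups do not miss on case."""
    return ":".join(f"{octet:02x}" for octet in parse_bssid(text))


def universal_local_bit(text):
    """Universal/local bit: second-least-significant bit of the first octet."""
    return (parse_bssid(text)[0] >> 1) & 1


def detect_unjust_stations(managed_bssids, terminal_reports):
    """Build the unjust AP list, unjust ad-hoc list and detection terminal list.

    managed_bssids   -- administration-object AP list (BSS identifier) 101
    terminal_reports -- per terminal: its own AP's BSSID (storage 406) and
                        the BSSIDs it can receive (list A 403)
    """
    managed = {normalise(b) for b in managed_bssids}
    unjust_ap, unjust_adhoc, detectors = set(), set(), set()
    for report in terminal_reports:
        belonging = normalise(report["belonging_bssid"])
        for seen in report["receivable_bssids"]:
            seen = normalise(seen)
            if seen in managed:
                continue                      # known AP, nothing to file
            if universal_local_bit(seen) == 0:
                # bit 0 -> "AP" branch (8033): file the pair in list 103
                unjust_ap.add((seen, belonging))
                detectors.add((report["terminal"], seen))   # list 112
            else:
                # bit 1 -> "ad-hoc" branch (8033): file the pair in list 104
                unjust_adhoc.add((seen, belonging))
    return {
        "unjust_ap_list": sorted(unjust_ap),
        "unjust_adhoc_list": sorted(unjust_adhoc),
        "detection_terminal_list": sorted(detectors),
    }


# Constructed sample input: two managed APs, two reporting terminals.
MANAGED = ["00:11:22:33:44:01", "00-11-22-33-44-02"]
REPORTS = [
    {"terminal": "STA-1", "belonging_bssid": "00:11:22:33:44:01",
     "receivable_bssids": ["00:11:22:33:44:01", "00:11:22:33:44:02",
                           "00:AA:BB:CC:DD:01"]},
    {"terminal": "STA-2", "belonging_bssid": "00:11:22:33:44:02",
     "receivable_bssids": ["00:11:22:33:44:02", "00:aa:bb:cc:dd:01",
                           "02:12:34:56:78:9a"]},
]

if __name__ == "__main__":
    for name, rows in detect_unjust_stations(MANAGED, REPORTS).items():
        print(name, rows)
```

Some infrastructure access points also use locally administered BSSIDs for additional SSIDs, so the "ad-hoc" label produced by this rule is a classification hint that an operator should confirm before acting on it.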

[0075] 

The above process allows the unjust AP to be detected.
A process of preventing information from leaking from the
unjust AP detected in such a manner then becomes
necessary. The following four cases are considered, and
the information leakage prevention measure differs for
each of these cases, so each case will be explained below
as an embodiment 2.
[Embodiment 2]

[0076] 

The so-called four cases mentioned above are (1) the
case that the administration-object terminal is connected
to the administration-object AP, (2) the case that the
administration-object terminal is connected to the unjust
AP, (3) the case that the unjust terminal is connected to
the unjust AP, and (4) the case that the unjust terminal
is connected to the administration-object AP. At first,
the information leakage prevention measure in the case of
(1) will be described.

[0077] 

The monitor process executor 113 notifies the BSSID of
the unjust AP described in the unjust AP list 103 to the
AP to which the administration-object terminal having
detected the unjust AP belongs (704 of Fig. 3, and 901 and
9011 of Fig. 5). The administration-object AP having
received a notification files the BSSID of the unjust AP
into the unjust wireless station list 303, and notifies
the BSSID of the unjust AP to the administration-object
client terminal having a connection therewith regularly or
by means of an instruction from the outside (705 of Fig.
3). The terminal having received a notification displays
the BSSID of the unjust AP in the message
reception/display section 405, notifies the fact that the
unjust AP exists to the user, and simultaneously therewith,
files the BSSID of the unjust AP into the unjust wireless
station list 407. The administration-object terminal makes
it a rule not to make a connection with the wireless
station registered to the unjust wireless station list in
making a connection thereafter.
[0078] 

Next, the frame transmission source identifier is
acquired (706 of Fig. 3 and 902 of Fig. 5). The monitor
process executor 113 requests of the administration-object
terminal described in the unjust AP detection terminal
list 112 ((d) of Fig. 8) a transmission source MAC address
(an MAC address of the terminal utilizing the unjust AP:
hereinafter, referred to as an unjust utilization terminal
MAC address) of the frame that flows from the terminal to
the AP. The administration-object terminal acquires the
transmission source MAC address of the frame of which the
value of the "To DS" region is 1 (one) from the frame
transmission source identifier list 404, and gives it to
the operation administering apparatus as a reply.
[0079] 

The operation administering apparatus files the
acquired MAC address into the frame transmission source
identifier list B 114 (9021 of Fig. 5). It acquires the
BSSID of the administration-object terminal having
detected the unjust AP from the unjust AP BSSID of the
frame transmission source identifier list B 114 ((e) of
Fig. 8) and the unjust AP list ((c) of Fig. 8), and files
a positional relation of the AP to which the
administration-object terminal having detected the unjust
utilization terminal MAC address and the above unjust
utilization terminal from the AP installation position
list 109 ((c) of Fig. 7) and the administration-object AP
list (BSS identifier) 101 belongs into the unjust AP
utilization terminal list 105 ((f) of Fig. 8) (9022 of Fig.
5). Further, it specifies from the administration-object
terminal list 107 whether or not the unjust utilization
terminal MAC address is a MAC address of the
administration-object terminal (9023 of Fig. 5), and files
its address into the unjust AP utilization terminal list
105 ((f) of Fig. 8) (9024 of Fig. 5). Additionally, in (f)
of Fig. 8, it is assumed that R-STA-2 is a terminal that
is an object of administration.
[0080] 

Next, the information leakage prevention measures in
the case that the administration-object terminal is
connected to the unjust AP, being the case of (2), and in
the case that the unjust terminal is connected to the
unjust AP, being the case of (3), will be described. The
monitor process executor 113 performs a measure against
the unjust AP utilization terminal (903 of Fig. 5). In a
case where the unjust AP utilization terminal is an object
of administration ("yes" in 9031 of Fig. 5: it is the case
of (2)), if the continuous detection number of times is
below N, the monitor process executor 113 notifies the
message for prohibiting utilization of the unjust AP to
the above unjust AP utilization terminal (707 of Fig. 3
and 9032 and 9033 of Fig. 5). In a case where the unjust
AP utilization terminal is an object of administration and
yet in a case where the continuous detection number of
times is N or more, or in a case where it is not an object
of administration (it is the case of (3)), it retrieves the
SW in the neighborhood of the unjust AP utilization
terminal (9034 of Fig. 5), and notifies the MAC address of
the unjust AP utilization terminal to the above SW (708 of
Fig. 3) (9035 of Fig. 5).
[0081] 

With retrieving the SW in the neighborhood, for
example, it is assumed that B4-2 and B4-21 are acquired
from positional information of the unjust AP utilization
terminal list ((f) of Fig. 8), the blocks (B4-1 to B4-3,
B4-7 to B4-9, B4-14 to B4-16, and B4-20 to B4-22) around
its position are located in the neighborhood in Fig. 7 (a),
and SW 1, SW 2, SW 4, SW 8, SW 10 and SW 11 installed
therein (a mesh portion of Fig. 9) are an object of
notification, respectively.
[0082] 

The message reception/display section 405 of the
administration-object terminal having received the message
for prohibiting utilization of the unjust AP displays the
message from the operation administering apparatus.
Further, the SW having received the MAC address of the
unjust AP utilization terminal files its MAC address into
the filtering identifier storage 603, thereafter, compares
the MAC address with the transmission source MAC address
of a frame that goes through the transmission/reception
section 601, and in a case where its value coincides with
the value filed in the filtering identifier storage 603,
scraps its frame.
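
The measure selection of [0078] to [0082] can be sketched as follows. This is an added example, not part of the specification. It assumes that the blocks B4-1 to B4-24 are numbered row by row with six blocks per row, which is consistent with the neighborhood listed in [0081]; the switch placement, the frame records and all addresses are constructed, since Fig. 7 (b) is not reproduced in the text.

```python
# Added illustration of the measure selection in [0078]-[0082].
# Assumption: B4-1..B4-24 are laid out row by row, six blocks per row.
GRID_COLUMNS, GRID_BLOCKS = 6, 24

# Constructed switch placement (block number -> switch); not from Fig. 7 (b).
SWITCH_AT_BLOCK = {1: "SW 1", 3: "SW 2", 5: "SW 3", 8: "SW 4", 11: "SW 5",
                   12: "SW 6", 13: "SW 7", 14: "SW 8", 18: "SW 9",
                   16: "SW 10", 22: "SW 11", 24: "SW 12"}


def neighbourhood(block):
    """Blocks adjacent to `block` (including itself), clipped at the edges."""
    if not 1 <= block <= GRID_BLOCKS:
        raise ValueError(f"no such block: B4-{block}")
    row, col = divmod(block - 1, GRID_COLUMNS)
    last_row = GRID_BLOCKS // GRID_COLUMNS - 1
    return {r * GRID_COLUMNS + c + 1
            for r in range(max(0, row - 1), min(last_row, row + 1) + 1)
            for c in range(max(0, col - 1), min(GRID_COLUMNS - 1, col + 1) + 1)}


def unjust_ap_users(frames, unjust_bssids):
    """Source MACs of frames sent towards an unjust AP ("To DS" = 1)."""
    wanted = {b.lower() for b in unjust_bssids}
    return sorted({f["src"].lower() for f in frames
                   if f["to_ds"] == 1 and f["bssid"].lower() in wanted})


def decide_measures(frames, unjust_bssids, managed_macs, consecutive, n,
                    detection_blocks):
    """Return (measure, mac, switches) per unjust AP utilization terminal.

    consecutive      -- mac -> continuous detection count, this round included
    detection_blocks -- blocks of the APs whose terminals detected the user
    """
    blocks = set()
    for block in detection_blocks:
        blocks |= neighbourhood(block)
    switches = sorted((SWITCH_AT_BLOCK[b] for b in blocks
                       if b in SWITCH_AT_BLOCK),
                      key=lambda name: int(name.split()[1]))
    managed = {m.lower() for m in managed_macs}
    actions = []
    for mac in unjust_ap_users(frames, unjust_bssids):
        if mac in managed and consecutive.get(mac, 1) < n:
            actions.append(("warn", mac, []))            # message 707
        else:
            actions.append(("filter", mac, switches))    # notification 708
    return actions


# Constructed frame records as kept in a frame transmission source list.
UNJUST = ["00:aa:bb:cc:dd:01"]
MANAGED_MACS = ["00:11:22:00:00:02"]
FRAMES = [
    {"bssid": "00:AA:BB:CC:DD:01", "src": "00:11:22:00:00:02",
     "to_ds": 1, "from_ds": 0},   # managed terminal using the unjust AP
    {"bssid": "00:aa:bb:cc:dd:01", "src": "00:de:ad:00:00:07",
     "to_ds": 1, "from_ds": 0},   # unmanaged terminal using the unjust AP
    {"bssid": "00:aa:bb:cc:dd:01", "src": "00:aa:bb:cc:dd:01",
     "to_ds": 0, "from_ds": 1},   # AP-to-terminal frame, ignored
    {"bssid": "00:11:22:33:44:01", "src": "00:11:22:00:00:05",
     "to_ds": 1, "from_ds": 0},   # traffic to a managed AP, ignored
]

if __name__ == "__main__":
    for action in decide_measures(FRAMES, UNJUST, MANAGED_MACS,
                                  {"00:11:22:00:00:02": 1}, 3, [2, 21]):
        print(action)
```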

[0083]

The display 200 periodically acquires the unjust AP
list 103, the unjust ad-hoc list 104, and the unjust AP
utilization terminal list 105 of the operation
administering apparatus (709 of Fig. 3), and displays the
BSSID of the unjust wireless station in the display
section 201. In displaying the unjust wireless station, it
is classified BSS classification by BSS classification,
and the BSSID is displayed under each classification. With
the AP, it is further hierarchized under the BSSID, and
the MAC address of the terminal utilizing the unjust AP is
described. At its moment, the code (O X) for identifying
whether or not the above terminal is an object of
monitoring is affixed (Fig. 2).
[0084] 

The case that the unjust terminal is connected to the
administration-object AP, being the case of (4), will be
described. The transmission source address has been
inserted into a data packet header and the BSSID of the
administration-object AP is already known, so the MAC
address of the terminal connected to the administration-
object AP is understood. Thus, comparing this MAC address
with the address of the terminal registered to the
operation administering apparatus makes it possible to
specify whether or not it is an unjust terminal. Thereupon,
taking a measure for incapacitating the unjust terminal
connected to the administration-object AP from
communicating can prevent the information leakage from
occurring. As an example for this end, as mentioned
previously, there exist the method of scrapping the frame
by making a filtering in the SW, the method of instructing
the administration-object AP to disconnect a circuit, the
method of scrapping the frame by making a filtering by
this AP itself, or the like.
[0085] 

Additionally, the above-mentioned determination of the
administration-object AP is enabled by utilizing the BSSID
that is a specific identifier, and the SSID, which is
easily falsified, does not enable the unjust AP or
terminal to be specified, thereby making it difficult to
take the information leakage prevention measure
corresponding to each of the above-mentioned (1) to (4),
and the technique of employing the SSID in the above-
mentioned patent document 1 is not practical.
[0086] 

In the previous embodiment 1, only the BSSID was
acquired as information of the unjust wireless station,
displayed in the display, and notified to the
administration-object AP; however it is acceptable that
the SSID is also acquired together with the BSSID and
displayed, and notified. Further, it was explained that
the BSSID of the unjust wireless station was notified to
the administration-object terminal via the administration-
object AP; however it may be directly notified to the
administration-object terminal from the operation
administering apparatus.
[0087] 

Further, in the embodiment 1, the detection result was
displayed in the display; however the detection result
need not be displayed in the display, but may be notified
to an administrator by utilizing a predetermined
communication means. As the communication means, for
example, a telephone, an electronic mail, etc. are
conceivable. Further,
it was described that, in the embodiment 1, all of the
detection of the unjust wireless station, the notification
of the detection result, and the control based upon the
detection result were carried out; however, the system for
executing one part of these, for example, only the
detection of the unjust wireless station may be acceptable.
Further, the system may be provided with the function that
is capable of, by the user's setting, selectively
executing one part or the entirety of the process.

[Embodiment 3] 

[0088] 

In the embodiment 1, the administration-object 
terminal detected the unjust wireless station; however it 
is also thought that the administration-object AP detects 
the unjust wireless station. Fig. 10 is a view 
illustrating a process flow of this embodiment. A 
difference with the process flow of the embodiment 1 lies 
in a point that acquisition of the receivable BSS 
identifier (710 of Fig. 10) and acquisition of the frame 
transmission source identifier (711 of Fig. 10) are 
carried out between the operation administering apparatus 
and the administration-object AP. 

[0089]

Fig. 11 is a view illustrating a functional block of
each component of the wireless LAN monitor system
associated with the embodiment 3. A difference with the
functional block of the embodiment 1 lies in a point that
the retrieval process executor 402, the receivable BSS
identifier list A, and the frame transmission source
identifier list 404, which existed in the
administration-object terminal in the embodiment 1, are no
longer used, and a retrieval process executor 307, a
receivable BSS identifier list A 306, and a frame
transmission source identifier list 305 exist in the
administration-object AP, and a point that the unjust AP
detection terminal list 112 that existed in the operation
administering apparatus is no longer used, and an unjust AP
detection AP list 115 exists.

[0090] 

Each of Fig. 12 and Fig. 13 is a view illustrating an
operation of the operation administering apparatus in the
process flow, and identical codes are affixed to the
portions identical to Fig. 4 and Fig. 5. A difference with
the embodiment 1 lies in 804 and 803 of Fig. 12 and 905 of
Fig. 13. In 804 of Fig. 12, the operation administering
apparatus requests, from each IP address of the
administration-object AP described in the
administration-object AP list, the receivable BSSID and the
BSSID of the above AP (8041 of Fig. 12), and outputs the
acquired BSSID to the receivable BSS identifier list B 102
(8042 of Fig. 12).

[0091] 

In 803 of Fig. 12, the operation administering
apparatus compares the BSSID of the receivable BSS
identifier list B with the BSS identifier of the
administration-object AP list (BSS identifier) (8032 of
Fig. 12). In a case where it is determined that the BSSID
is not included in the administration-object list and its
BSS classification is an AP (8033 of Fig. 12), it writes
the above BSSID into the unjust AP list (8034 of Fig. 12),
and further writes the BSSID of the administration-object
AP having detected the unjust AP into the unjust AP
detection AP list (8037 of Fig. 12). Fig. 14 shows an
example of the receivable BSS identifier list B and the
unjust AP detection AP list.
[0092] 

Fig. 13, which shows an operation of the information
leakage prevention process in this embodiment, is
basically identical to Fig. 5, and the different portion
will be explained. The operation administering apparatus
notifies the BSSID of the unjust AP to the
administration-object AP (904 of Fig. 13). It then acquires
the frame transmission source identifier from this AP (9051
of Fig. 13), and acquires a position of the AP from the
BSSID of the above AP and the AP installation position list
(9052 of Fig. 13). Next, it compares the frame transmission
source identifier with an entry of the
administration-object terminal list, determines whether the
terminal utilizing the unjust AP is an already-registered
one (9053 of Fig. 13), and writes the frame transmission
source identifier, the position of the AP having detected
the unjust AP, and information as to whether or not the
terminal utilizing the unjust AP is an already-registered
one into the unjust AP utilization terminal list (9054 of
Fig. 13). A process 903 is identical to that of Fig. 5.

[Embodiment 4] 

[0093] 

Next, the embodiment of affixing not only the BSSID
but also a company name for displaying the unjust AP will
be explained. In the previous embodiment 1, the BSSID was
used for displaying the unjust AP; however, it is also
conceivable that, as a rule, an organization name of the
producer of the above unjust AP, which can be easily
identified, is affixed in addition to the BSSID, which is
difficult for a person to identify. Fig. 15 is a view
illustrating a functional block of each component of the
wireless LAN monitor system associated with embodiment 4.
A difference in the functional block with the embodiment 1
lies in a point that a company ID list 116 is added to the
operation administering apparatus. An example of the
company ID list is shown in Fig. 16. The company ID is a
three-byte value expressed in hexadecimal notation, and the
organization name is a character string signifying the
producer.
[0094] 

The display 200 acquires the company ID list in
addition to the unjust AP list and the unjust ad-hoc list
from the operation administering apparatus. Because the
first three bytes of the BSSID are a company ID, the entry
that coincides with the first three bytes of the BSSID of
the acquired unjust AP list is retrieved from the company
ID list. In displaying the unjust AP, the vendor name
obtained by this retrieval is affixed following the BSSID.
[0095] 

Specifically, the BSSID of the unjust AP that is shown
in Fig. 15 is 01:23:45:67:89:ab, 00:11:22:33:44:55, and
00:66:77:88:99:aa, respectively, and each three-byte
company ID beginning with the head is 01:23:45, 00:11:22,
and 00:66:77, respectively. With each company ID assumed
to be a key, it is determined from Fig. 16 that the
producer of each unjust AP is company 1, company 2, and
company 3, respectively, of which the organization name is
displayed in the display section. Additionally, in the
explanation, the BSSID and the organization name were
caused to correspond to each other within the display;
however, they may be caused to correspond on the operation
administering apparatus side.
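
The comparison in 803 of Fig. 12 (embodiment 3) and the company ID
lookup of embodiment 4 can be sketched together as follows. This is an
added example, not code from the specification; the function and field
names, the managed AP BSSIDs and the ad-hoc row are assumptions
constructed for illustration, while the company IDs and unjust BSSIDs
are those of paragraph [0095].

```python
from dataclasses import dataclass, field

def normalize(bssid):
    """Return canonical aa:bb:cc:dd:ee:ff form; reject anything not 48 bits."""
    digits = bssid.replace(":", "").replace("-", "").replace(" ", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit BSSID: {bssid!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class Detection:
    unjust_ap: dict = field(default_factory=dict)    # unjust AP list: BSSID -> organization name
    detected_by: dict = field(default_factory=dict)  # unjust AP detection AP list

def detect_unjust_aps(list_b, managed_ap_bssids, company_id_list):
    """list_b rows: (BSSID of reporting managed AP, received BSSID, BSS classification)."""
    managed = {normalize(b) for b in managed_ap_bssids}
    vendors = {k.lower(): name for k, name in company_id_list.items()}
    out = Detection()
    for reporter, seen, classification in list_b:
        seen = normalize(seen)
        if seen in managed or classification != "AP":   # steps 8032 / 8033
            continue
        # Embodiment 4: the first three bytes of the BSSID are the company ID.
        out.unjust_ap[seen] = vendors.get(seen[:8], "unknown")
        reporters = out.detected_by.setdefault(seen, [])
        if normalize(reporter) not in reporters:
            reporters.append(normalize(reporter))
    return out

# Company IDs and unjust BSSIDs are the ones in paragraph [0095]; the managed
# AP BSSIDs and the ad-hoc row are constructed for this example.
COMPANY_ID_LIST = {"01:23:45": "company 1", "00:11:22": "company 2", "00:66:77": "company 3"}
MANAGED_APS = ["00:AA:BB:00:00:01", "00:AA:BB:00:00:02"]
LIST_B = [
    ("00:aa:bb:00:00:01", "01:23:45:67:89:ab", "AP"),
    ("00:aa:bb:00:00:01", "00:AA:BB:00:00:02", "AP"),      # neighbouring managed AP
    ("00:aa:bb:00:00:02", "01-23-45-67-89-AB", "AP"),      # same unjust AP, other notation
    ("00:aa:bb:00:00:02", "00:11:22:33:44:55", "AP"),
    ("00:aa:bb:00:00:02", "00:66:77:88:99:aa", "AP"),
    ("00:aa:bb:00:00:02", "02:de:ad:be:ef:01", "ad-hoc"),  # not an AP: skipped here
]

if __name__ == "__main__":
    result = detect_unjust_aps(LIST_B, MANAGED_APS, COMPANY_ID_LIST)
    for bssid, org in result.unjust_ap.items():
        print(bssid, org, "detected by", result.detected_by[bssid])
```

Normalizing both lists before the comparison matters in practice: a
managed AP recorded in upper case or with hyphens would otherwise be
reported as unjust.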

[Embodiment 5] 

[0096] 

Next, the embodiment will be described in which, in a
case where the unjust AP has appeared, the SSID identical
to that of the unjust AP is set for the
administration-object AP around the AP having detected the
unjust AP. That is, the previous embodiment 1 is configured
so that, by detecting a MAC address of the terminal
connected to the unjust AP and setting that MAC address for
the SW, the frame from the terminal having made a
connection with the unjust AP is scrapped in the SW;
however, it is also conceivable that the terminal, being
not an object of administration, which tries to make a
connection with the unjust AP, is caused to make a
connection with the administration-object AP, and the frame
from that terminal, being not an object of administration,
is scrapped in the administration-object AP.

[0097] 

Fig. 17 is a view illustrating a process flow of the
embodiment 5. A difference with the process flow of the
embodiment 1 lies in a point that the acquisition 706 of
the frame transmission source identifier that is carried
out between the operation administering apparatus and the
administration-object terminal, the message notification
707 of the unjust wireless station utilization prohibition
that is carried out between the operation administering
apparatus and the administration-object terminal having
made a connection with the unjust AP, and the notification
708 of the unjust utilization terminal identifier that is
carried out between the operation administering apparatus
and the SW are deleted, and an unjust wireless station
SSID notification 713 that is carried out between the
operation administering apparatus and the
administration-object AP is added.

[0098]

Fig. 18 is a view illustrating a functional block of
each component of the wireless LAN monitor system
associated with the embodiment 4. A difference with the
functional block of the embodiment 1 lies in a point that
the frame transmission source identifier list of the
administration-object terminal is not necessitated, in a
point that, in addition to the receivable BSSID, the SSID
of the unjust wireless station having the above BSSID is
also filed into the receivable BSS identifier list A 403
of the administration-object terminal, in a point that the
SSID of the unjust wireless station is also filed into the
receivable BSS identifier list B of the operation
administering apparatus similarly (Fig. 19), and in a
point that an unjust wireless station SSID storage 309 for
filing the SSID of the unjust wireless station and a
filtering identifier storage 308 for filing the MAC
address of the terminal, being not an object of
administration, which has a connection by using the SSID
filed in the unjust wireless station SSID storage are
added to the administration-object AP.
[0099] 

Each of Fig. 20 and Fig. 21 is a view illustrating an
operation of the operation administering apparatus in the
process flow, and in Fig. 20, identical codes are affixed
to the portions identical to Fig. 4. A difference with the
embodiment 1 lies in a point that the processes of 805 of
Fig. 20 and 906 of Fig. 21 are added/changed, and a point
that 902 and 903 of Fig. 5 are deleted. In 805 of Fig. 20,
the operation administering apparatus acquires the SSID in
addition to the receivable BSSID from the
administration-object terminal (8051 of Fig. 20), and files
it into the receivable BSS identifier list B (8052 of Fig.
20). In 906 of Fig. 21, the operation administering
apparatus notifies the SSID of the unjust AP that the
terminal making a connection with its administration-object
AP has detected to the administration-object AP to which
the administration-object terminal having detected the
unjust AP belongs (9061 and 9062 of Fig. 20).
[0100] 

The terminal that intends to utilize the wireless LAN,
as a rule, searches the surroundings to acquire the
receivable SSIDs, and tries to make a connection with the
wireless LAN having a desired SSID from among them. For
this reason, an unjust invasion into the wire net by using
the unjust AP necessitates the procedure of installing the
unjust AP, making a connection with that unjust AP, and
invading the wire net.
[0101] 

In this embodiment, the operation administering
apparatus acquires the SSID of the unjust AP from the
administration-object terminal (712 of Fig. 17), and sets
the SSID of the acquired unjust AP for the
administration-object AP (713 of Fig. 17 and 9062 of Fig.
21). The administration-object AP loads the above SSID into
a beacon for transmission, whereby an environment is
established in which a plurality of APs each having a
different BSSID but an identical SSID exist, which lowers
the frequency with which the terminal that tries to make a
connection with the unjust AP succeeds in doing so. That
terminal is sometimes connected with the
administration-object AP, and in this case, communication
between the above terminal and the wire net is interrupted.
[0102] 

As mentioned above, in accordance with the present 
invention, using the specific BSS identifier for 
determining the unjust wireless station makes it possible 
to detect/display not only the access point telling a 
falsehood about the SS identifier but also the access 
point concealing the SS identifier as an unjust wireless 
station. Further, displaying the unjust wireless station 
classification by classification allows the scope of the 
object, which is investigated, to be narrowed down, and 
the investigation/withdrawal practice of the unjust 
wireless station to be improved. In addition hereto, by 
acquiring the identifier of the terminal having connected 
with the unjust AP to scrap the frame by means of the 
access point or the wire LAN switch with the above 
identifier assumed to be a key, the security that can 
prevent an access to the wire net from being made via the 
unjust AP and information from leaking is improved. 

[0103] 

Each operational flow mentioned above can be executed
by pre-filing the operational procedure as a program in a
record medium and causing a computer to read and execute
it.



